#dev 2025-06-04

2025-06-04 UTC
#
[tantek] yes, micro-blog currently has the fewest setup steps (and/or need to learn/use GitHub)
#
[schmarty] I made (but did not popularize) a ~three click deployable IndieAuth endpoint that anyone could spin up on Glitch. I used it for a little project site. With Glitch shutting down I'm glad there aren't a bunch of people using it.
#
[mattl] Yeah, Glitch’s “we’re not shutting down but we’re shutting down” was a little unusual.
#
[schmarty] But I feel like this kind of thing should be sooo easy to spin up without code knowledge, but the hosting services keep changing the landscape
#
[mattl] I’d like to see a domain name seller offer to host 1mb of files or something like that for free.
#
[mattl] in a bunch of languages
#
[mattl] so when you buy one you can stick up a static HTML landing page without doing anything with hosting
#
[mattl] or you can stick up a basic PHP thing
#
[tantek] I think my domain name host lets me setup a single static page but I haven't done that in a while
#
aaronpk Normalize shared hosting!
#
[mattl] i always liked https://hcoop.net
#
[schmarty] Whence CPanel?
#
[tantek] it becomes one more thing to create an account on
#
[tantek] all to say, if you have to create two new accounts (domain name host, shared host or microblog) just to create a single personal web address for web sign-in, that seems like a whole lot of work
#
[tantek] i'd almost flip that around to email providers and say they should provide registering a single domain name as an add-on service
#
[mattl] i think fastmail might even do that.
#
[schmarty] ISPs used to do all this too haha
#
[mattl] but you’d have to convince people to want to pay for email.
#
[schmarty] All these things have become commoditized in weird ways, I guess.
#
[tantek] [mattl] I feel like there's a lot of overlap between people wanting to pay for (own) their email, and wanting to own their web identity
#
[tantek] like if you're already convinced you want your own web identity, good bet you've already decided to pay for an email address you have more ownership over than a "free" one from one of the old big providers
#
[schmarty] split into so many building blocks it's like a 500 piece LEGO build
#
[mattl] there’s something to be said for not doing that too…
#
[mattl] if you lose your domain name, you don’t want to lose your email.
#
[mattl] even if you lose your email address
#
[mattl] I think a lot of people just forward mailto:example@example.com to mailto:example69@gmail.com
#
aaronpk 👀
#
aaronpk I do that, and also route it back out
#
[mattl] fastmail does it btw [tantek] https://www.fastmail.help/hc/en-us/articles/1500000280141-How-to-set-up-a-website#owndomain — static pages only.
#
[tantek] ok that's pretty cool
#
[mattl] oh and i have one from 5 years ago i forgot about
#
[mattl] http://mattl.fastmail.com.user.fm
#
[mattl] (i don’t have a custom domain name with fastmail but I could)
#
[tantek] one point of using a paid email service for your domain is that you are VERY likely to get MUCH better (responsive, available on weekends, maybe 24/7) customer service than any "free" email address
#
[tantek] so the "loss" scenarios have much better repairs
#
[mattl] oh yeah, if you need to contact gmail — good luck
#
[tantek] right
#
[mattl] it’s old school but I like http://panix.com for this.
#
[mattl] they phoned me when i made my account too.
#
[tantek] there's a lot to be said for paying a service provider with whom you have had good customer support experiences
grufwub joined the channel
#
[mattl] yeah, for sure. UK users are lucky in that they can choose their ISP far more than we can in the US…. so they can pick https://www.aa.net.uk for example
#
gRegor could be a nice thing for hey.com to offer
#
[mattl] yeah, their domain name thing is a bit weird… but it does work nicely once you have it set up.
#
[mattl] and no HEY world with a domain name account.
#
aaronpk Should we be trying to find ways to change IndieAuth so that it's easier to use more existing services/tools?
#
osteophage [mattl] -- for what it's worth, if what you want is to edit the wiki, you don't actually need to buy a domain name for that.
#
Loqi [mattl] has 28 karma in this channel over the last year (66 in all channels)
#
osteophage Oh dangit I didn't mean to do that.
#
osteophage [mattl] ++ in compensation for my formatting error
#
osteophage Okay that didn't seem to register either.
#
[tantek] [mattl]++ restore karma 🙂
#
Loqi [mattl] has 29 karma in this channel over the last year (67 in all channels)
#
[tantek] aaronpk, yes to "ways to change IndieAuth so that it's easier" 🙂
#
osteophage [tantek]++ for showing me the way
#
Loqi [tantek] has 36 karma in this channel over the last year (164 in all channels)
#
[tantek] 🙏
#
[tantek] aaronpk, then the key is to ask for *whom* to make it easier, and in what priority order
#
osteophage Anyway, I was able to get into the wiki no problem just with a free Neocities account.
#
[tantek] "to use more existing services/tools" sounds like it could also reinforce say, wrapping a bad silo with IndieAuth frosting - the user is still trapped
#
[tantek] similarly I think omg.lol
#
aaronpk What's the actual underlying goal of IndieAuth here
#
[tantek] to provide a protocol for a Web Sign-in UX that complements the existing RelMeAuth method which depends on an existing OAuth provider to delegate to
#
aaronpk I was going for the higher level goal
#
[tantek] the higher level goal is make Web Sign-in UX the first thing people implement instead of Sign in with Google/Facebook/X/Etc.
#
aaronpk For example is the web address *the* defining goal of IndieAuth? As in, it's not just about the user being in control over the credential they use to sign in to things
#
aaronpk Interestingly, there is a method of "bring your own identity" that is extremely widely supported today
#
aaronpk But people don't think of it in those terms, which is possibly why it's popular
#
[tantek] sure, email / phone number. both of which are de facto (market) dependent on large providers with very poor customer service
#
aaronpk Anyone can buy a domain and set up email forwarding and use the email as their identity to sign in to many websites
#
[tantek] for example, Mozi (Ev's new startup / Dopplr clone) requires a phone number. so that stopped my sign-up flow. and that's AFTER requiring AppleID to start the sign-in flow
#
[tantek] yeah it's worth documenting which (if any?) domain registrars allow you to create an email alias (or multiple?) for no additional cost at your domain and forward it
#
[tantek] then you can implement sign-in with link like Slack does
#
[tantek] aaronpk, however, the reason why email sucks as identity is it has supplanted by folks sharing their IG (or prev their Twitter) @
#
[tantek] because the new user interaction is, "this is me" not "this is how to email me"
#
[tantek] and "you can also contact me" becomes a *secondary* feature of identity, not primary
#
[tantek] that's the big cultural shift that has occurred. so, socially, email is dead as primary identity
#
[tantek] point is to provide people a culturally smooth way to transition from @example to @example.com
#
[tantek] as their "this is me" or "follow me" or "you can also contact me"
#
[tantek] this reminds me, I need to iterate on the Web sign-in UX to shift the default UX from "`https:// [_example_com_]`" to "`@ [_example_com_]`"
#
[mattl] I need to start thinking about some of this stuff. Whatever I build next will carry over the existing http://Libre.fm username/email address but with a new password.
#
[mattl] But in future if/when I decide to open the new thing to registration it would be nice if someone could just use their domain name
#
[mattl] or whatever we’re calling then
#
[tantek] yeah, "personal web address" for broader consumption
#
[tantek] "domain name" is fine for the IndieWeb crowd 🙂
#
[tantek] or if you like Bluesky's docs, "your website as your username" https://bsky.social/about/blog/4-28-2023-domain-handle-tutorial
#
[mattl] I don’t like the idea that a domain name implies a website, but I get that I’m 9000 years old on that.
#
[mattl] all if this may change by then, as I plan to offer services around domain names too… but we’ll figure that out later. First I need to make the thing for people to tell me what they want.
#
[tantek] haha yep I get the distinction
#
[tantek] hence "domain name" or "web address"
#
[tantek] always interesting to see what terminology others are using to achieve similar goals
#
[mattl] i’d be curious what that looks like in other languages too. I want to get back on multilingual
#
[tantek] [mattl] they also say "using your domain as your handle"
#
[tantek] I have also heard the phrase "domain handle" used
#
[tantek] e.g. https://blog.gravatar.com/2025/02/06/bluesky-handle/
#
[tantek] also this is funny as a hook: “_Why does everyone on Bluesky have cooler handles than me?_“
#
[tantek] "domain handle" is catchy and I could be convinced to use that instead of "web address"
#
[tantek] curious what others think of these different phrases
#
osteophage I used "web address" in my recent make-a-website guide just because I figured that phrasing would be a little more intuitive for folks who had never seen the phrase "domain name."
#
[mattl] I don’t like “domain” and would prefer “web address” over that.
#
[tantek] good to know!
#
gRegor web address sounds better to me
#
gRegor What is ihazawebsite?
#
Loqi i.haza.website is a hosting service that can run your site on dobrado, supporting several IndieWeb building blocks https://indieweb.org/ihazawebsite
#
gRegor Another potentially easy onramt to domain and sign in to the wiki^
#
gRegor *onramp
#
[tantek] alrighty then
#
[mattl] anyone using Rails? https://api.rubyonrails.org/v7.2.1.2/classes/ActionController/AllowBrowser/ClassMethods.html#method-i-allow_browser
#
[mattl] being able to block browsers for not being “modern” might appeal to someone but I can’t turn this off fast enough
gRegor and [jgarber] joined the channel
#
[jgarber] [mattl] Concur. Don’t like it, won’t use it.
#
[artlung] Shoutout to carrvo for inspiring me to create this page which demonstrates the usage of `grid-auto-flow: column;` https://lab.artlung.com/kanban/ - also shown briefly at FrESH today.
#
[0x3b0b] I never did follow up to try to find out why my "haza.website" subdomain that I tried to set up for tire-kicking never got created. At the time I was curious whether freenom + haza + bridgy fed was, in fact, a completely free zero-to-blog with webmentions, fediversity, and minimal admin tax.
[schmarty], [Scout], [aciccarello], Dryusdan and [ggirelli] joined the channel
#
perryflynn [tantek]: I read all the wiki pages about indieauth yesterday, but I still have a hard time to understand what web sign-in can do / how it works without the relmeauth and indieauth protocols/extensions. is there any more info? when I google it there are alot of articles of microsoft about using oauth in windows. 😆 🙈
#
perryflynn from my side the spec pages are very helpful already for implementing things like a indieauth provider. I would like to write next an article to describe the possibilities. from "just use indielogin" to "build all yourself".
#
perryflynn first I thought web sign-in is just a nice word for oauth, but I am not sure.
#
[ggirelli] any thoughts about umami (https://github.com/umami-software/umami) for analytics? Especially in terms of privacy concerns etc...
#
doesnm imho privacy analytics it's a lie
#
[ggirelli] I have the exact same feeling
#
doesnm you can use webserver logs if you want to know which pages people are accesed. But privacy respecting sites are disabled logs
#
[ggirelli] yeah. I swerve my website through cloudflare and I have most options like that completely disabled
#
[KevinMarks] The other quickstart is omg.lol, though that takes a bit more to do than http://micro.blog
#
[KevinMarks] Could detecting an atproto connection be part of web sign in complementary to rel-me auth?
#
doesnm omg has much services. micro.blog is one service. Anyway i think micro.blog is more powerful
#
doesnm both are paid and i can't try it
barnaby, ttybitnik, Dryusdan and ttybitni` joined the channel
#
[tantek] perryflynn they are complementary. That's like asking how does CSS work without HTML
#
perryflynn aaah so web sign-in does not have any auth capabilities by itself. thanks.
#
[tantek] Web sign-in is the UX that can be implemented with one or more protocols underneath like RelMeAuth or IndieAuth, and yes each of those is built on top of OAuth (and does more than OAuth)
ttybitnik joined the channel
#
[tantek] You've pointed out the need for a diagram to help illustrate this :)
#
perryflynn that would be great. I try also to write something in my blog posts which maybe can reused later for the wiki.
#
[tantek] That would also be great!
oodani joined the channel
#
[artlung] Made my CSS-only Kanban board a bit more dynamic. Also learned that `select options` also use `:checked` in `:has()` states. https://lab.artlung.com/kanban-2/
#
Loqi [preview] Kanban Task Board in CSS Grid (Part 2)
#
perryflynn wow, impressive!
#
[tantek] [snarfed] looks like BridgyFed may have missed this Bs @-mention for me? https://bsky.app/profile/voxpelli.com/post/3lqr65rbdcc2o
#
doesnm [tantek]: are you use default bridgyfed web domain?
#
[tantek] Yes. See https://fed.brid.gy/web/tantek.com/notifications
GuestZero and [snarfed] joined the channel
#
[snarfed] [tantek] BF sent you a webmention for it, to your home page, https://webmention.io/tantek.com/webmention/rlqkkQVmECS_UloG3vtL
#
[snarfed] I can look into why it's not in the notifs UI
#
[tantek] Ah thank you! Forgot to check the wms to see if there was more there
#
doesnm https://s.h4ks.com/BZd.jpg
#
[snarfed] anyone know if there's any prior IndieWeb art on "approving" quote posts or related controls, Mastodon style? https://codeberg.org/fediverse/fep/src/branch/main/fep/044f/fep-044f.md
#
[snarfed] trying to understand whether/how to bridge them, https://github.com/snarfed/bridgy-fed/issues/1956
#
[snarfed] I don't see anything on https://indieweb.org/quotation
#
Loqi [preview] [jhenstridge] #1956 Please add support for FEP-044f quote post authorisations
[Jo] joined the channel
#
doesnm what is quote
#
Loqi “ A quotation is a type of response post that is primarily a subset of the contents of another post, and often has a citation of that other post https://indieweb.org/quote
#
doesnm [snarfed]: look at this https://indieweb.org/quotation#How_to
#
[snarfed] doesnm I'm familiar with indieweb quote posts. I was asking about *approvals*, and related controls on the quotee's side
#
[tantek] [snarfed] nothing specific to that response-type. I think all such "approvals" are documented under /moderation for all response types
#
[tantek] Any reason why quote posts should have special approval UI vs other responses ?
#
doesnm [tantek]: someone want to deny ability to quote they posts
#
[snarfed] Got me. It sounds like Mastodon's approvals flow back to the quoter, they aren't just local? Not sure
#
[snarfed] Right
#
[tantek] doesnm you missed the point. why only deny for quote responses instead of any kind of response
bterry1 joined the channel
#
[mattl] any good client would render a URL to a post in another pot anyway, so I can just write “mattl stinks https://mattl.example.com/post/123” and.. that’s a quote.
#
[mattl] another post
GuestZero_ joined the channel
#
[tantek] yeah the presentation differences are subtle (if there at all) between rendering a link-preview of the first/last link in a note post, and a "quote post"
#
[tantek] a while ago Twitter started rendering a tweet with a link to another tweet as a quote tweet.
#
[tantek] [mattl] you're right in practice. it's quite meaningless for a "system" (software, protocol whatever) to somehow provide locks/barriers to "quote posts" of your posts but not posts that have links to your posts. And if you do the latter, you break the web and people say "Y U HATE HYPERLINKS?" so it's kinda pointless?
#
[tantek] like how feasible/enforceable would be for sites to have block lists of "I don't want these other domains to link to me" ?
#
perryflynn which comes into my mind here: should a mf2 parser (triggered by a webmention or so) respect robots.txt?
[Murray] joined the channel
#
[Murray] I think it's probably due to quote posts on Twitter often being an abuse target, encouraging pile-ons and amplifying toxic behaviour. Mastodon & BlueSky both have tools to help in those situations, but as the person being quoted, you'd need to know where the quote has gone
#
[Murray] e.g. "detaching" on BlueSky: https://bsky.social/about/blog/08-28-2024-anti-toxicity-features
#
[tantek] re: "should a mf2 parser (triggered by a webmention or so) respect robots.txt" -> insufficient context. plumbing absent UX context can't make decisions like that
#
[tantek] do they really think it will meaningfully stop folks from "just linking" to posts to dunk on them instead of some formal "quote post" UI fanciness?
#
[tantek] like I get the motivation / use-case. I am questioning the effectiveness.
gRegor joined the channel
#
[Murray] it does cut off the harassment to some extent. Like blocked people can still post about you, but at least you're not constantly getting notifications telling you that its happening
#
[Murray] and I'd say increasing friction works; you see a lot fewer quote posts on Masto, because copying/pasting a post link is a pain
gRegorLove_, NaomiAmethyst and [Scout] joined the channel
#
[tantek] interesting. perhaps that's a good reason to make users have to copy/paste links
#
[KevinMarks] I think the detaching is at the app_view layer, so the links are still there in the underlying structure, but I'd have to poke at it a bit more
#
[tantek] similarly a "block link-previews" option / list could be helpful
#
rubenwardy they'll just share a screenshot then
#
[tantek] "just" discounts the additional friction to doing so, as [Murray] pointed out
#
[tantek] we know friction in UIs work. add friction to some task, fewer people will do it.
#
rubenwardy this friction will have more of an effect on well meaning users than ill meaning ones though
#
rubenwardy This thing seems a little odd to me but I imagine they're working with a lot of user feedback and this is helping a lot of people
#
rubenwardy bsky's quote post detach is pretty cool
#
[mattl] what do people think of tailwindcss?
#
gRegor I'm -1 on it
#
gRegor what is tailwind
#
Loqi Tailwind is a CSS framework introduced in 2017 that replicates similar functionality as the standard HTML style attribute, though using abbreviated cryptic class names https://indieweb.org/Tailwind
#
[tantek] might be worth a FreSH Q&A (since so many sites get this wrong) — what's a good way to implement fixed position headers that don't cause fragments to heading to scroll (and disappear) underneath those fixed position headers? (note precise use of header vs heading) e.g. Medium gets this wrong: https://prudhvikchirunomula.medium.com/migrating-from-hashlocationstrategy-to-pathlocationstrategy-in-angular-a-comprehensive-guide-867060f1483e#f3a0
#
[mattl] gRegor: I’m at the same place. It shipped with my Rails scaffold and I’m like “okay this looks pretty good” — then I tried to add something to the page and nope, looks like trash.
#
[tantek] related, does anyone have a "definitive" or at least well reasoned resource on how "/#/" URLs for web app routing were obsoleted by "/#!" URL routing techniques which were then obsoleted by just use normal paths please and history API as needed techniques? Wikipedia and Google search seem useless for this
#
[tantek] aside: annoyed that the Wikipedia article for hashbang is exclusively about unix and completely omits it's dead-end history in webdev
#
[tantek] (I would work on a proposal to split hashbang (/!# URL routing) into a different page from shebang (the use in unix contexts) but don't have the energy to fight that particular Wikipedia nerd-battle rn)
#
gRegor https://en.wikipedia.org/wiki/URI_fragment#hash-bang
#
gRegor what is hashbang
#
Loqi A hashbang (or hash-bang fragment) is the character sequence #! inside a URL, typically at the start of the path, including in post permalinks (like Twitter did 2010-2012), and is an antipattern you should never use as part of your personal site URL design https://indieweb.org/hashbang
#
[mattl] yeah, i’ve not heard a shebang called a hashbang before.
#
[mattl] I never understood what they were for, never used them and then they went away really quickly.
#
rubenwardy It comes from bad JS practices that web tech thankfully grew out of
#
[tantek] yep, for the record (since they deleted it, even before the acquisition) https://web.archive.org/web/20130519224228/http://engineering.twitter.com/2012/05/improving-performance-on-twittercom.html
#
[tantek] Also from HTML5Doctor from a while ago: https://html5doctor.com/history-api/#those-fking-hashbangs
perryflynn and [Trevor_Morris] joined the channel
#
[Trevor_Morris] I use tailwind on my website (via @apply and BEM syntax with a build step). I’ve used it on a few projects too. I can see the pros and cons. I like the “design token” approach to config and some of the classes take difficulty out of things and group breakpoints. But you can run into issues and there are different ways to use it.
duanin2, ttybitnik and barnaby joined the channel
#
[tantek] note that Medium fragment / heading hiding behind the header bug is visible with JS turned off (or not loading for medium-com at least)
btrem joined the channel
#
btrem Has anyone ever build a carddav server? My searches have mostly resulted in how to /use/ a carddav server, not how to /build/ one. I think it uses vCard. I have a Drupal database of users, and I can certainly output a list in that format. But maybe a project like this is beyond my amateur abilities. :/
#
btrem ...built...
#
btrem It would not need write abilities. In fact, read-only would probably be preferable.
#
perryflynn probably you could use/checkout the carddav related code classes in sabre? https://github.com/sabre-io/dav/tree/master/lib/CardDAV
#
btrem I think if I did that, I'd have to create a Drupal module. Probably out of my league.
#
btrem I was sort of hoping to create a url that returned a list of vCards and be done with it. ;-)
#
perryflynn then my approach would be to get a carddav output from somewhere and replicate the output in my own script.
#
btrem yes, but finding that example carddav output has proven to be a bit of a challenge. Perhaps my search-fu is weak.
barnaby, balintm, ttybitnik and btrem joined the channel
#
[tantek] CardDAV (and CalDAV) is due for an HTML-based replacement, especially for the read-only use case
#
[tantek] And maybe a shim/proxy that serves "classic" *DAV and proxies it to reading h-cards or h-events
#
[tantek] Like why should every dev have to suffer through the admintax of maintaining another protocol for read-only of the information already in their HTML that they're serving?
#
[tantek] And then on the write side, proxy classic *DAV to Micropub rewrite
#
[tantek] Micropub requests* (lol that was some autocorrect to "rewrite")
#
btrem [tantek] is carddav another protocol? I can't even figure that part out. It _appears_ to use http(s), BICBW about that.
#
btrem I feel like the shim/proxy is what I'm after. So email client queries for carddav, and I serve it what it wants, using a webpage with names and email addresses.
sebbu2 joined the channel
#
[tantek] Yes it's a protocol layered on top WebDAV which is layered on top https
#
[tantek] Wikipedia summary is good